44 lines
1.1 KiB
Nix
44 lines
1.1 KiB
Nix
{ pkgs, configVars, ... }:
|
|
let
|
|
remoteMachineIp = configVars.networking.addresses.remote-builder.ip;
|
|
in
|
|
{
|
|
nix.distributedBuilds = true;
|
|
nix.settings.builders-use-substitutes = true;
|
|
nix.settings.max-jobs = 0;
|
|
nix.settings.trusted-substituters = ["ssh://${remoteMachineIp}"];
|
|
nix.settings.substituters = ["ssh://${remoteMachineIp}"];
|
|
|
|
nix.buildMachines = [
|
|
{
|
|
hostName = "remotebuild@${remoteMachineIp}";
|
|
speedFactor = 1;
|
|
maxJobs = 10;
|
|
sshKey = "/root/.ssh/remotebuild";
|
|
system = pkgs.stdenv.hostPlatform.system;
|
|
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
|
}
|
|
];
|
|
|
|
# TODO: set known host here when have static ip on main server
|
|
# programs.ssh.knownHosts = {
|
|
# "merlin" = {
|
|
# publicKey = "server pubkey";
|
|
# };
|
|
# };
|
|
|
|
programs.ssh.extraConfig = ''
|
|
Host ${remoteMachineIp}
|
|
Port 22
|
|
User remotebuild
|
|
IdentitiesOnly yes
|
|
IdentityFile /root/.ssh/remotebuild
|
|
'';
|
|
|
|
sops.secrets = {
|
|
"ssh_keys/root/remotebuild" = {
|
|
path = "/root/.ssh/remotebuild";
|
|
};
|
|
};
|
|
}
|